ProFTPD is a highly configurable FTP server whose users can be managed through PAM, MySQL, and other backends.
When your FTP service has many users, administering them can become cumbersome or even unworkable, so a more efficient, faster and friendlier approach is needed. That is where Proftpd_Admin comes in: it lets you add and remove users and create storage or file quotas through a graphical interface, easily and quickly.
With this tool, users are created and constrained by groups and quotas, and all of it is stored in MySQL.
Without further ado, the installation starts by downloading ProFTPD and the MySQL module used for authentication.
As a prerequisite you need Apache, PHP5 and the php-mysql module installed, plus at least basic knowledge of Apache.
1) Installing proftpd
#apt-get install proftpd proftpd-mod-mysql mysql-server
Download Proftpd_Admin from here; it is basically a web page.
Unpack it into /var/www/nombredominio :
a) Load the following structure into MySQL. I recommend phpMyAdmin for running the following script:
CREATE DATABASE proftpd_admin;
USE proftpd_admin;
CREATE TABLE usertable (
userid text,
passwd text,
homedir text,
shell text,
uid int(11) NOT NULL auto_increment,
gid int(11) default NULL,
count int(11) NOT NULL default '0',
lastlogin datetime NOT NULL default '0000-00-00 00:00:00',
lastlogout datetime NOT NULL default '0000-00-00 00:00:00',
expiration datetime NOT NULL default '0000-00-00 00:00:00',
disabled tinyint(4) default '0',
det_name tinytext,
det_mail tinytext,
det_adress tinytext,
det_notes tinytext,
PRIMARY KEY (uid)
) TYPE=MyISAM;
CREATE TABLE grouptable (
groupname text,
gid int(11) NOT NULL auto_increment,
members text,
description tinytext,
PRIMARY KEY (gid),
UNIQUE KEY gid_2 (gid),
KEY gid (gid)
) TYPE=MyISAM;
CREATE TABLE xfer_stat (
userid text,
file text,
size bigint(20) default '0',
address_full text,
address_ip text,
command text,
timespent text,
time text,
cmd text,
dunno text
) TYPE=MyISAM;
CREATE TABLE `ftpquotalimits` (
`name` varchar(30) NOT NULL default '',
`quota_type` enum('user','group','class','all') NOT NULL default 'user',
`per_session` enum('false','true') NOT NULL default 'false',
`limit_type` enum('soft','hard') NOT NULL default 'hard',
`bytes_in_avail` float NOT NULL default '0',
`bytes_out_avail` float NOT NULL default '0',
`bytes_xfer_avail` float NOT NULL default '0',
`files_in_avail` int(10) unsigned NOT NULL default '0',
`files_out_avail` int(10) unsigned NOT NULL default '0',
`files_xfer_avail` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`name`)
) TYPE=MyISAM;
CREATE TABLE `ftpquotatallies` (
`name` varchar(30) NOT NULL default '',
`quota_type` enum('user','group','class','all') NOT NULL default 'user',
`bytes_in_used` float NOT NULL default '0',
`bytes_out_used` float NOT NULL default '0',
`bytes_xfer_used` float NOT NULL default '0',
`files_in_used` int(10) unsigned NOT NULL default '0',
`files_out_used` int(10) unsigned NOT NULL default '0',
`files_xfer_used` int(10) unsigned NOT NULL default '0'
) TYPE=MyISAM;
CREATE TABLE admintable (
ID INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(30) NOT NULL,
password CHAR(64) NOT NULL,
email VARCHAR(100) NOT NULL,
lastlogin datetime NOT NULL default '0000-00-00 00:00:00',
disabled tinyint(4) default '0',
falseLogins int(11) NOT NULL default '0'
) TYPE=MyISAM;
INSERT INTO usertable (uid) VALUES (9999);
DELETE FROM usertable WHERE uid=9999;
INSERT INTO grouptable (gid) VALUES (9999);
DELETE FROM grouptable WHERE gid=9999;
INSERT INTO grouptable (groupname, description) VALUES ("admins", "Administrators");
INSERT INTO grouptable (groupname, description) VALUES ("users", "Ordinary users");
/* proftpd-administrator user */
GRANT ALL ON usertable TO proftpd@ftp IDENTIFIED BY 'test';
GRANT ALL ON grouptable TO proftpd@ftp IDENTIFIED BY 'test';
GRANT ALL ON xfer_stat TO proftpd@ftp IDENTIFIED BY 'test';
GRANT ALL ON ftpquotatallies TO proftpd@ftp IDENTIFIED BY 'test';
GRANT ALL ON ftpquotalimits TO proftpd@ftp IDENTIFIED BY 'test';
GRANT ALL ON admintable TO proftpd@ftp IDENTIFIED BY 'test';
/* userQuota.php DB User */
GRANT SELECT ON * TO userview@ftp IDENTIFIED BY 'test123';
b) Open proftpd_admin in the browser at http://localhost/eldominio or http://eldominio. You may see this:
If you do not have this problem, skip to step c.
This happens because our configuration.xml file does not have the proper read and write permissions:
#chmod 776 configuration.xml
c) Now we get this:
This tells us that we must configure access to the database. Go to the configure tab, which will show:
It is advisable for the proftpd_admin database to have its own user rather than the system root. Beyond that, this step needs little explanation:
username: the name of the database owner
password: "the password"
hostname: "where MySQL is, in this case localhost"
database: "in this case proftpd_admin" (as it appears in the script above)
d) Configure the proftpd files to manage users with MySQL:
On Debian squeeze they are located in /etc/proftpd. Of the files there, we are interested in proftpd.conf and modules.conf, and we will add include_mysql.conf.
First make a backup of proftpd.conf:
cp proftpd.conf proftpd.conf.back
Replace proftpd.conf with:
ServerName "Server Ncw"
ServerType standalone
ServerIdent on "Bienvenido"
DeferWelcome on
DefaultServer on
DisplayLogin .welcome # Textfile to display on login
DisplayConnect .connect # Textfile to display on connection
#DisplayFirstChdir .firstchdir # Textfile to display on first changedir
UseReverseDNS off
IdentLookups off
Port 21
Umask 022
MaxInstances 15
MaxClientsPerHost 3 "Only %m connections per host allowed"
MaxClients 10 "Only %m total simultanious logins allowed"
MaxHostsPerUser 1
User ftp
Group nogroup
ScoreboardFile /var/log/scoreboard
# load modules
Include /etc/proftpd/modules.conf
# Some logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
# Define log-files to use
TransferLog /var/log/proftpd.xferlog
ExtendedLog /var/log/proftpd.access_log WRITE,READ write
ExtendedLog /var/log/proftpd.auth_log AUTH auth
ExtendedLog /var/log/proftpd.paranoid_log ALL default
SQLLogFile /var/log/proftpd.mysql
QuotaLog /var/log/proftpd.quota
# Set up authentication via SQL
# ===========
AuthOrder mod_sql.c
SQLAuthTypes Backend
SQLConnectInfo proftpd_admin@localhost usuario contraseña
SQLUserInfo usertable userid passwd uid gid homedir shell
SQLGroupInfo grouptable groupname gid members
SQLUserWhereClause "disabled=0 and (NOW()<=expiration or expiration=-1 or expiration=0)"
# Log the user logging in
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='%u'" usertable
# logout log
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='%u'" usertable
# display last login time when PASS command is given
SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='%u'"
SQLShowInfo PASS "230" "Last login was: %{login_time}"
# xfer Log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'c', NULL" xfer_stat
SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'i', NULL" xfer_stat
# User quotas
# ===========
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail,bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used,files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1},bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4},files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
AllowStoreRestart on
AllowRetrieveRestart on
RequireValidShell off
PathDenyFilter "(\\.ftp)|(\\.ht)[a-z]+$"
DefaultRoot ~
DenyFilter \*.*/
AllowOverwrite on
HideNoAccess off
AllowAll
DenyGroup !admins
AllowOverwrite on
HideNoAccess on
DenyGroup !admins
AllowAll
On line 45, replace usuario with the owner of the proftpd_admin database and contraseña with that user's password.
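Added example, not part of the original post or of Proftpd_Admin: the script above gives the database account GRANT ALL on every table with the password 'test', while the SQLNamedQuery directives in proftpd.conf show that the FTP daemon itself needs far less. The account name ftpd_runtime and its password are placeholders assumed here; the grants are derived only from the directives shown on this page.

```sql
-- Hypothetical runtime account used only by the ProFTPD daemon.
-- 'ftpd_runtime' and the password are placeholders, not values from the page.
CREATE USER 'ftpd_runtime'@'localhost'
    IDENTIFIED BY 'CHANGE_ME_long_random_value';

-- SQLUserInfo, SQLUserWhereClause and the login_time query only read usertable.
GRANT SELECT ON proftpd_admin.usertable TO 'ftpd_runtime'@'localhost';

-- The 'counter' and 'time_logout' queries update just these three columns,
-- so the daemon cannot rewrite passwd, homedir, uid or gid.
GRANT UPDATE (lastlogin, lastlogout, `count`)
    ON proftpd_admin.usertable TO 'ftpd_runtime'@'localhost';

-- SQLGroupInfo reads grouptable.
GRANT SELECT ON proftpd_admin.grouptable TO 'ftpd_runtime'@'localhost';

-- transfer1 and transfer2 only append rows to the transfer log.
GRANT INSERT ON proftpd_admin.xfer_stat TO 'ftpd_runtime'@'localhost';

-- get-quota-limit reads the limits; the three tally queries
-- read, update and insert rows in the tallies table.
GRANT SELECT ON proftpd_admin.ftpquotalimits TO 'ftpd_runtime'@'localhost';
GRANT SELECT, INSERT, UPDATE
    ON proftpd_admin.ftpquotatallies TO 'ftpd_runtime'@'localhost';

-- No privilege at all on admintable: none of the directives above query it,
-- so the FTP daemon has no reason to see the web administrators' rows.

-- Review what the account ended up with.
SHOW GRANTS FOR 'ftpd_runtime'@'localhost';
```

With this account, the SQLConnectInfo line would name ftpd_runtime instead of the database owner, while the web interface keeps its own account for creating and deleting users.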
2) Modify (replace) the modules.conf file with:
#
# This file is used to manage DSO modules and features.
#
# This is the directory where DSO modules reside
ModulePath /usr/lib/proftpd
# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *
LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c
# Install one of proftpd-mod-mysql, proftpd-mod-pgsql or any other
# SQL backend engine to use this module and the required backend.
# This module must be mandatory loaded before anyone of
# the existent SQL backends.
LoadModule mod_sql.c
# Install proftpd-mod-ldap to use this
#LoadModule mod_ldap.c
#
# 'SQLBackend mysql' or 'SQLBackend postgres' directives are required
# to have SQL authorization working. You can also comment out the
# unused module here, in alternative.
#
# Install proftpd-mod-mysql and decomment the previous
#mod_sql.c module to use this.
LoadModule mod_sql_mysql.c
# Install proftpd-mod-pgsql and decomment the previous
# mod_sql.c module to use this.
#LoadModule mod_sql_postgres.c
# Install proftpd-mod-sqlite and decomment the previous
# mod_sql.c module to use this
#LoadModule mod_sql_sqlite.c
# Install proftpd-mod-odbc and decomment the previous
# mod_sql.c module to use this
#LoadModule mod_sql_odbc.c
#LoadModule mod_radius.c
LoadModule mod_quotatab.c
#LoadModule mod_quotatab_file.c
# Install proftpd-mod-ldap to use this
#LoadModule mod_quotatab_ldap.c
# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
LoadModule mod_quotatab_sql.c
#LoadModule mod_quotatab_radius.c
#LoadModule mod_wrap.c
LoadModule mod_rewrite.c
LoadModule mod_load.c
LoadModule mod_ban.c
#LoadModule mod_wrap2.c
#LoadModule mod_wrap2_file.c
# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
#LoadModule mod_wrap2_sql.c
#LoadModule mod_dynmasq.c
# keep this module the last one
LoadModule mod_ifsession.c
# quota tabs
We still need include_mysql.conf:
AllowStoreRestart on
AllowRetrieveRestart on
RequireValidShell off
PathDenyFilter "(\\.ftp)|(\\.ht)[a-z]+$"
DefaultRoot ~
DenyFilter \*.*/
# Set up authentication via SQL
# ===========
AuthOrder mod_sql.c
SQLAuthTypes Backend
SQLConnectInfo proftpd_admin@localhost proftpd new159753
SQLUserInfo usertable userid passwd uid gid homedir shell
SQLGroupInfo grouptable groupname gid members
SQLUserWhereClause "disabled=0 and (NOW()<=expiration or expiration=-1 or expiration=0)"
# Log the user logging in
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='%u'" usertable
# logout log
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='%u'" usertable
# display last login time when PASS command is given
SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='%u'"
SQLShowInfo PASS "230" "Last login was: %{login_time}"
# xfer Log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'c', NULL" xfer_stat
SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'i', NULL" xfer_stat
# User quotas
# ===========
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
SQLDefaultUID 65534
CreateHome on 1770 uid 0 gid 0
### Shaper ###
TransferRate RETR 1000.0
TransferRate STOR 1000.0
Restart proftpd:
/etc/init.d/proftpd restart
Go back to the domain assigned in Apache, or to http://localhost/proftpd_admin, and open configure > Filepaths. It will show:
In the who field enter: /usr/bin/who
In the ftpwho field:
/usr/bin/ftpwho
In kernel configuration file:
/usr/src/linux-headers-2.6.32-5-amd64 (this depends on your kernel)
And finally proftpd:
/usr/sbin/proftpd
It is likely that configure -> extensions -> quota will not let you enable them. Go to the configuration.xml file in /var/www/eldominio and find:
Where there is a 0, change it to a 1, and that is it. The rest of the configuration is intuitive: creating and modifying users, assigning rules and quotas, and so on.
Francisco.